PayPal Phishing

There’s a new phishing attack targeting PayPal customers. It begins with an email like the following:

Subject: PayPal Account Review Department

Dear PayPal customer,

We recently reviewed your account, and we suspect an unauthorized transaction on your account

Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.

Paypal features. To ensure that your account is not compromised, simply hit “Resolution Center” to confirm your identity as member of Paypel.

  • Login to your Paypal with your Paypal username and password.
  • Confirm your identity as a card member of Paypal

Please confirm account information by clicking here Resolution Center and complete the “Steps to Remove Limitations.”

hookAll typos and grammatical errors are from the original email.

If someone was to click on the link provided in the email they would be taken to a hacked copy of PayPal’s site and they’d be asked to provide their bank’s name, ATM PIN code, mother’s maiden name, birth date,and social security number. All very personal information that the real PayPal doesn’t need.

So avoid traps like these by never giving out sensitive information like the above, not trusting emails you didn’t ask for, and most of all use a good antivirus package that also scans web sites for attacks such as this. Also have a look at the new version of Haute we discussed recently, available for free.

There are thousands of phishing emails such as this and over time the quality of them gets better, such as the tax scams we wrote about earlier (Australian version here, US version here) and the student phishing attack last month.


red keyboard There’s a malware program called MonaRonaDona, if you end up installing it (by being tricked into downloading something you don’t really need) it causes a bit of havoc with your computer.

It then suggests you try an antivirus program called Unigray. This is one of those fake antivirus programs that have been appearing lately. All it does is mess up your computer, and you’re asked to pay $39.90 for it.

So stay away from MonaRonaDona and Unigray. Use one of the popular antivirus packages (such as those you can buy in a computer shop).

Funny Postcard

If you receive an email taking you to a web site called “FunnyPostCard” delete it, it’s a trick to get you to download a malicious bit of code that takes over your computer.

The website also says , or FunnyPostCard.Com . The files it asks you to download is called e-card.exe and postcard.exe .

“Be More Careful” Scam

There are some scam emails going around asking for large amounts of money from readers, such as $30,000.

The emails contain the following in the subject and in the first line of the email:


The rest of it has a long story saying they’ve been asked to kill you and in exchange for money they won’t. It’s a scam hoping to lure worried people with plenty of cash, and if you’re worried you can mention it to your local police.

Note: this is also classified as a hoax though it’s more like a scam.  A hoax is doesn’t involve asking for money whereas a scam does.

Encrypted external hard drive isn’t

A new external hard drive claims to use hardware data encryption using 128 bit AES. The case is a 2.5″ Easy Nova Data Box PRO-25UE RFID hard drive case by German vendor Drecom.

drecom drive In the security world AES is a recognised and trusted encryption protocol, so at first glance this external hard drive enclosure seems useful for transporting data outside the office or home.

However on closer inspection the drive uses a chipset from INNMAX, the IM7206, believing it provided AES encryption to data. INNMAX’s marketing strongly implies that AES encryption is being used for data on disk.

When questioned, INNMAX said:

The IN7206 merely uses AES encryption when saving the RFID chip’s ID in the controller’s flash memory. The company explained that actual data encryption is based on a proprietary algorithm. The company claims the IM7206 only offers basic protection and is designed for “general purpose” users.

In fact they’re using a security known as XOR, which is as secure as writing “do not read” on an envelope. Anyone with a basic understanding of programming can decode it in minutes.

It’s a case of marketing people not really understanding the technology and using buzzwords to sell products.

If you need to transport lots of data on portable hard drives then you should encrypt the disk using some encryption software, such as the ones mentioned in our previous article.

Tax Refund Scams Have Reached Australia

The tax refund scam mentioned a few days ago now comes in an Australian version. It’s the same email and same scam but customised to look like the Australian Tax Office (ATO). They even make a fake website that copies the ATO’s website.

The scam involves asking people for their credit card number, expiry date, security code, and other personal details.


Spear Phishing – Targetting Students

spear Spear phishing is a term referring to targeted attacks on organisations to collect personal details. This latest warning will explain:

Students and staff at a few colleges and universities in the US have been receiving emails that appear to come from their system administrators. The emails state that a database is being updated and asks users to provide their username, password, and date of birth.

The schools targeted include Columbia University, Duke University, Princeton University, Purdue University, and the University of Notre Dame.

This information is collected by the people who sent the emails and used to compromise their accounts.

Be very suspicious of emails asking you to provide any personal details, especially if you didn’t request the email. And pay particular attention to which website the email links to – it’s a common tactic to use a similar sounding address that contains a typo (something that the human mind sometimes ignores).

Update: Australian universities have also been targetting in this attack. 

Fake IRS Tax Refunds

Emails are being sent claiming to be from USA’s IRS department. They claim to offer a $375 refund for filling out a form. The form is hosted on a hacked web site, not on the IRS’s web site. The form asks for a large amount of personal information including credit card numbers and PIN numbers. This information is collected (a trick known as phishing) and later used to commit identity theft (and effectively stealing your money).

cash_hand When doing any taxes online please ensure the website is correct. See this earlier article on how to recognise deceptive domain names (URLs) and check for SSL certificates on the page (double click on the padlock icon in Internet Explorer, read who owns the site).

Good antivirus packages these days will also keep track of which web sites you go to and alert you if it’s a known fraud site. So it’s a good investment to purchase one.